Keeping Privacy Free for You (Whoever You Are)

One thing that I find strange about Ghostery is that it’s made by an advertising company called Evidon. They claim that it’s opt-in only for aggregating advertiser tracking cookies and scripts but not sure about that since they are into internet marketing.

We see and hear this concern a lot, especially right after Evidon acquired Ghostery, back when Evidon was called “The Better Advertising Project.” The feedback ranges from inquisitive concern like jablone’s to outright accusations that we’re secretly tracking our brains out by fooling people into thinking we have a privacy product.

The truth is, as recently captured in a VentureBeat headline, that we are “a Web tracking blocker that actually helps the ad industry“. And as the article details, we do this while offering the most comprehensive user privacy extension available. We’re proud of how we make this work, and since we like to practice what we preach about transparency, we thought we’d run down that business model again.

Here’s the short version:

Ghostery is totally free, and only collects data if you opt-in.

All the data we collect when you opt-in is totally anonymous.

We provide data to the advertising industry about their own tools, because like lots of businesses, they value opportunities to measure their own performance.

We also (thankfully) hear this a lot. People appreciate what we do, and some of them even offer to pay for our otherwise free tool. We don’t want to require users to pay for privacy, however, so we ask for donations in the form of anonymous data. When you opt-in to Ghostrank, you help support Ghostery. We get that this might not be comfortable for everyone – web tracking in any form can understandably make people nervous – and so we don’t require this data collection in any way. Ghostery operates exactly the same, with all the same functionality and features, whether you choose to help us by providing data or not.

So, what do we call a service that helps side A avoid side B while helping side B pursue side A?

Strictly speaking, we don’t help the industry pursue its audience, because we don’t share any data about the audience. None of what we collect can ever be used to target an ad or even to identify a Ghostery user. In fact, this data is pretty obvious stuff:

the tracking element that was encountered,

the page it was encountered on,

whether or not you blocked the element,

the browser you’re using,

whether or not the element was visible when the page loaded,

how long the tracking element took to load,

and version of Ghostery you’re using.

So the intelligence is about the tracking elements that were encountered, not the user that encountered those elements. We use a combination of IP address and browser to determine unique panel members, but we make an encrypted hash of that combination and store it securely, making it impossible to ever trace this activity back to a given user. That’s why we say the data is completely anonymous – we can’t even find you to say “Thank you”.

(So if you ARE a Ghostrank panel member – thanks! You rule.)

So, while attempting to maintain privacy, users are actually helping this company’s efforts to enable more companies to become increasingly savvy and invasive?

Evidon doesn’t work to allow advertisers to be more invasive. In fact, Evidon is in the business of making online advertising more transparent and more easily controlled. As a privacy technology company, Evidon helps advertisers deliver the AdChoices icon, which gives web users more information about the ads they see and the opportunity to opt-out of data collection and use for advertising. Evidon’s position as a trusted partner for compliance with the advertising industry’s regulatory standards makes it a naturally trusted partner for industry intelligence, which is why we’re able to sell Ghostrank data. We package that data with other information collected from our lab scanners and, after analysis from our privacy team, we have something the advertising industry is willing to buy.

So by providing anonymous data to us while using our tracker blocking tool, you help us to continue to develop that tool by having it paid for by the tracking companies. Again, we’re pretty proud of how we’ve made a business of user privacy this way. We don’t have to ask you to spend your money for an app or subscription service. We don’t have to rely on charitable grants from companies, foundations, or government agencies that may come with undesirable conditions. We believe it’s the best way to continue to provide a first-class tool for user privacy while working toward a more transparent and controllable web by default.

We sincerely thank all of our Ghostery users, especially those who are a part of our Ghostrank panel. You’re helping us to do something we think is important, something that really could change the web as we know it, and something we really love to do.

If you have any questions, please email me (andy at ghostery dot com), post on our support forum, or hit us up on Twitter or Facebook. We’d love to hear from you.

Happy Browsing (whoever you are),

Andy K
Ghostery’s Senior Product Manager

22 Responses to Keeping Privacy Free for You (Whoever You Are)

Will this prevent my business from appearing on the First Page of Google in the Limousine Service in Gulf Shores, Alabama? Because I am not even showing up at all and have been trying to figure out why my ad no longer appears when I search: Limousine in Gulf Shores

No it wont,you must have issues with Google itself.
Have you paid you bill?
Do you have ad blocking on your computer? if no ad blocking then i suggest to log into your ad sense account and contacting Google.
One thing to check is make sure your ads are turned on in your account, easy mistake.

This is all well and good. The problem is that Ghostery is proprietary, so we can not be sure that all this is true. There are several similar open source solutions, like AdBlock and Disconnect.me – so why do you keep Ghostery proprietary?

Especially since it is a browser extension which purportedly helps privacy. Sure we could just trust what you write on your blog, but regarding such essential extensions I’d rather be sure.

We bought Ghostery back in the day, and were unsure whether or not to take it open source. Now we’re comfortable doing that. There are currently several tickets open right now to create a base for this, and it should be happening shortly.

That said, we don’t obscure any of the code. You can download the extension and unpack it, everything is there. Is there anything else I can do to make you more comfortable with the product?

I’m not sure what to say really. I know on day 1, the “Lure” if you will, was the “Promise”, of sorts and Why I did in fact , opt in. I never saw it, and Now I’m just left wondering, what did I not do, what did I do wrong? I’m so not sure of things now, and it’s not you all, no, no, it’s the I came here, on a specific email, and I was given information I really, really had hoped and needed, to hear. I heard it, but I must have done something wrong, for it’s not gone the way I was I guess, led to believe? I’m not judging anyone, I”m merely confused, and I”m sick today and that coupled with Being so dang broke, it’s about to kill me, as it did my husband, it was purely stress, that took him from me, and If…only………ya know..? So I’m not here for bad or good feelings, or thoughts, just merely the lure that actually brought me here. Thank you for the time…and to listen to us, as people and not numbers or names. That’s far from the other places I’ve been, but a good sound off, sometimes, helps, too.

If you download the Firefox addon and rename the from “.xpi” to “.zip”, you can extract and examine the contents. You’ll find that the Ghostery code operates exactly as represented ~~ there’s no trickery, no secretive “extra stuff going on”.

@pedromelo “We provide data to the advertising industry about their own tools….” and so on, regarding Ghostery’s parent company Evidon. Using the defense that “we don’t pay for ghostery” so we should be thankful really sounds like a wildly disingenuous response to concerns about, well, the way that ghostery kind of seems a bit two faced here. But its a learning experience; while professed intent and mission of Evidon and the Company’s advertiser -backed app ghostery claim to be concerned with the education and awareness of the ways in which consumers’ data is being used, they conveniently fail to mention, in a direct and honest way, the involvement and existence of ghostery’s parent company. Yes, there is a small, fine print link on the bottom of the page, but you could have been more “transparent” about it. I do appreciate the useful and interesting app ghostery, however and I’m not all complaints here. I am just a tad bit more cynical than I was before I read that, and I at least know that a business is a business first and foremost, and they’re not on the side of consumers or their best interests, regardless of the business, even the “good” ones.

@Jamie I’m sorry you feel that way. You have to opt into any anonymous data collection, if you even want to. Also If you don’t, Ghostery is still free and operates the same way as if you had. I don’t see what is so fine print about Evidon owning Ghostery… We mention it all over the place. You’re even commenting on a blog post about it. I think if you look into the company’s business model, it is indeed based around making the advertising and data industries more transparent and enabling privacy controls for businesses and people in general. I realize that some people don’t like the advertising industry, but it makes the internet run. We’re not anti-ads, we’re pro-privacy – whatever that means to the individuals we supply products to.

That said, you can totally unpack our extensions and see for yourself if there is anything fishy going on, which I assure you there isn’t has never been, and will never be while this product is under my watch. Why would we risk the trust of our users like that, anyway? You guys are our lifeblood and you’ve helped us make the product what it is today. I’m happy to answer any questions you might have about our business, the technology or Ghostery in general. You can email me at adam at evidon dot com

Although I already made a post in this particular direction as a member of the forums, https://getsatisfaction.com/ghostery/topics/even_older_dogs_and_cats_can_benefit_from_ghostery, even if the code was being held in a security by obscurity pattern as some companies should maintain and sustain, the current election cycle is providing background into why a tool like this can sustain a position of safe harbor amongst all the circles, including even the skeptics such as myself.

Without transparency behind who is tracking what, end-user consumers are left in the dust when it comes to virtually every aspect of their lives currently being analyzed by these bugs. So while one facet is fanning the Flame program to be the most intrusive “secret” coding witnessed to date, politicians are purchasing data right along side of the private sector along with creative types such as myself, all out to catch a glimpse of something we otherwise would be unaware of.

Even I can cite a slight measure of skepticism on how my own anonymous data can be used by Ghostery (even if I opt out of GhostRank), but the only way I can completely put aside all skepticism would be for me to simple stay far, far, far away from any and all technology, including the Internet.

So although I personally favor an Opt-In world that provides default position of no data whatsoever being collected until a user opts into the collection process, I believe I have a responsibility to at least try to contemplate which group of people want to know what information about me from time to time and Ghostery makes it a lot easier to look behind the scenes than NoScript does.

Names are being named this election cycle as to what companies are issuing the psychographics being put into play and although I am sure there are thousands of tracking bugs no one will ever discover, the core index of Ghostery allows for some healthy oversight to transpire by providing this information free to the public. It’s site submission process seems a little clumsy (posting straight to a bulletin board seems to be the only current option?), but other than that, I like having the choice of reviewing the organizations behind the thousands upon thousands of 3rd party contracts without giving a search index my search habits on the topic.

How long do you retain your server logs? If you retain them at all, your hashed IDs aren’t truly anonymous. Since there is no way to verify your retention policy, there is no way to verify your privacy claim. The product is a good idea, but is ‌difficult to implement something like Ghostrank in a verifiably trustworthy manner.

After reading the above comments, I decided that I’d take a look at http://www.evidon.com and see what I thought. Having browsed around that site, and read most of it, I have to say that it sounds to me like Ghostery is exactly what it is represented to be.

Unfortunately, looking around that site has also given me an entirely new perspective on tracker-blocking software in general, and has reminded me that NOTHING is free, when you’re not paying for it, someone else is. Regardless of Evidon’s intent, the marketing and tracking industries will use the opt-in data to help create more “invisible” … or undetectable, methods of tracking us.

I’ll install ghostery, monitor it and make a decision. But I already know there is no chance I’ll ever opt-in.

This is unrelated to Ghostery, but has to do with your writing.
PLEASE stop saying opt-in with a dash when you mean opt in.
“I will opt in to the opt-in options.” That is, you are choosing to opt one way or another, and the word is opt, not opt- with a built-in dash. Do you see that last dash? It’s in a combination of words when they are used as an adjective, not when they are used as a verb.
“I will build in a built-in.” In that sentence, “built-in” implies a cabinet, dishwasher, etc., so it’s an adjective.
The one that kills me the baddest is “she is 18-years old.” Please! She is 18 years old because she is an 18-year-old person.

When downloading a free add-on, the obvious question is ‘how does this company make money?’. Most tools make money through some type of involvement in the advertising industry. Amongst ad and tracker blockers, there are various methods. Some block trackers while at the same time track you, then sell your information to advertisers. This is invasive and misleading. Others do the same thing that Ghostery does without telling you about it. Ghostery is unique in that it is very open about how they make money – and they give you the option to opt-out of paying them (with information). What I find ironic is that Ghostery opened an open forum to increase transparency and, as a result, has had multiple users question their transparency. Personally, I did quite a bit of trials with various tracker-blockers and settled on Ghostery for these reasons:

It is very unique for a toolbar company to not only be open about how they make money, but to host an open forum for users to question and critique the company.

Ghostery allows users to opt-out of information gathering, even though the information gathered can hardly be a privacy threat.

The source code for the Ghostery tool-bar is easily accessible, providing users proof of Ghostery’s claims.

Ghostery has never claim to be anti-advertisement. Most ad-blockers claim to be, but we all know that that is B.S. Advertisement is how they make their money.

Ghostery is a solid application.

All that being said, I hope that the users on this blog continue to be vigilant and continually look for better products. I encourage the type of critique found on this blog of companies that offer ‘free’ products. But don’t be blind when you come across one of the few that are uniquely transparent!

I was wondering how I could support you. After reading this, I’m going to be opting in to ghostrank.

Thanks for being so on the level about everything, and for addressing all the concerns and conflicts that came to mind in the first paragraph on this page. Super open of you. I don’t feel like I’m getting a company line.. and I appreciate that.

I was on my way to donate some money to this great product Ghostery…
Then I found Copyright, privacy policy who give informations to courts and a alliance with the Add-industry.
I do not want a product that collects and possible share my data in the name of the law when we have ACTA, CISPA, etc.

I came here looking for the questions, what, how, why… And all the doubts that can across a mind when it comes to trust a product mostly when it is free (Funny I say this when I have spend half of my life teaching for free without intention of profit)

Anyhow I will quote part of a post a bit before mine “We’re not anti-ads, we’re pro-privacy”

What is likely to happen if companies that want to track consumer data learn from Evidon’s reporting that a great number of users have blocked their tracking attempts? They will come up with more ways to get what they want that will perhaps be not so easily blocked. It makes sense to assume that if companies try to track us it is because they want our data. If they know they are not getting it they will find novel ways to get what they want. So it’s great that Ghostery lets us block them. It’s not great that Evidon tells them how much they are being blocked.

“Evidon’s position as a trusted partner for compliance with the advertising industry’s regulatory standards makes it a naturally trusted partner for industry intelligence, which is why we’re able to sell Ghostrank data.”

This is actually how I stumbled upon Ghostery. I was looking into the DAA and what their stated policies are about transparency and consumer choice, and I found Evidon listed as a compliance partner. Let me share what else I found.

1. Advertisers and marketers don’t have to be a member of the DAA (and in fact is costs a lot to be a member) so whatever standards they have do not affect businesses that are not members.

2. They have “Self-Regulatory Principles for On-line Behavioral Advertising.”

2a. “Self-Regulatory” means members should refrain from the worst abuses voluntarily to avoid having real regulation with some teeth imposed on the industry. The penalties for violating these self-imposed rules are what? Programs are supposed to “publicly report instances of uncorrected violations” so why can I not find any such reports on the DAA’s website or anywhere else via a web search?

2b. Ok, what are the principles behind this self-regulation? They won’t tell you. Their page about it, http://www.aboutads.info/principles, talks about the fact they exist but doesn’t give any link to them (there is a non-obvious link to Principles for Multi-Site Data which is built on top of the original principles, but it doesn’t spell out the original principles). The FAQ and other documents on their resources page, http://www.aboutads.info/resources, all talk about the principles and use the term in a blue underlined font as if it is a link that will take you to the principles, but it is not a link at all. I could find no link anywhere on their site to actually be able to see the principles which are the foundation of their whole program. I sent a contact request to them asking why the Principles are mentioned everywhere on their site but there are no links to read what they are, thinking I maybe somehow just missed seeing it. They did not respond back to me at all. So much for transparency.

2c. I found them anyway via a web search. The language is full of weasel words like “should” and “are encouraged” that lets members do anything they want and not not be in violation of the Principles. A robust regulatory framework tells what the regulated entities MUST and MUST NOT do, not what they “should” or “are encouraged” to do.

My conclusion from all this is the whole DAA self-regulatory framework is just a façade to make it look like the industry can’t run wild in their data collection and privacy intrusions, but I find it does no such thing. And Evidon is one brick in that façade.

I am happy that Ghostery is available to block these trackers, but I don’t agree with the idea of telling the tracking industry how much they have been blocked. I am thankful that Evidon allows me to use Ghostery without sharing the stats that serve to benefit the tracking industry. I will use Ghostery to protect my privacy but I will not opt in to Ghostrank.